I do a lot of small consulting jobs for "mom and pop" shops...developing small applications, iPhone apps, helping with DBA tasks, etc. A common theme is that I need to work remotely on their network resources. How do you do this when the customer is small, remote, and may not have the latest version of Windows or expensive Cisco networking gear?
In this post I'll walk you through how I log in to a remote network with minimal setup (and cost). I wish there was one simple, universal way to do this on every network, but there isn't. Depending on the client's version of Windows and their router you may need various alternative solutions. I'll show you how I set up a VPN, remotely, for free, using three different methods that have always (so far) worked. You can also use these tricks to VPN to your home network from your job, or from your home to your neighbor, which is good for off-site encrypted backups using peer-to-peer networking (but that's another post).
Simplest Solution: MS Windows PPTP and L2TP VPNs
The easiest way is to set up a PPTP or L2TP Windows VPN, which is about 10 mouse clicks that you can talk "pop" through over the phone in 10 mins. This method works about 80% of the time in my experience. No reboot or software necessary, works on any version of Windows since at least XP, and works over FiOS and Comcast.
Ah, but sometimes this solution will not seem to work. Why is that? Invariably the client has a SOHO (small office/home office) all-in-one wireless router between their network and their ISP. Now the client has to poke holes in their router, and even then PPTP and L2TP require GRE packets, which some of the cheaper SOHO routers won't pass through. The ubiquitous WRT54G2 by Linksys is a case in point. It is the best selling home wireless router EVER. It claims to pass GRE packets, but it does NOT. PPTP and L2TP VPNs will not work over these things.
(The original WRT54G2 and the updated model...these routers have VPN "issues")
You could just spend $79 and have the client buy a better SOHO router, but I'm frugal. So, native Windows VPN isn't working for you...what next?
Hamachi is free and a simple download that runs on each "resource" that you need access to, on both the local and remote side. The actual VPN is managed remotely by LogMeIn, and you provide a "network name" and "password" that all clients use to join the network. Some people call this a "cloud-based VPN". Once everyone is connected you use network resources as you normally would. Problems:
- I have a problem with remotely managed stuff where a third party basically can have complete control of anything unsecured on my network. These mom and pop shops tend to have file shares where Everyone has full control. Anyone who gets your "network name" and "password" and a copy of Hamachi effectively has control of your network.
- It doesn't run as a service
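Since the first problem above comes down to shares that anyone on the overlay network can write to, it is worth listing them before any machine joins. This is an added example, not part of the original post; it assumes the SmbShare cmdlets (Windows 8 / Server 2012 or later), an elevated prompt, and English group names in `$Broad`.

```powershell
# Added example: flag file shares that broad groups can write to.
# Assumption: English group names; adjust $Broad on localized systems.
$Broad = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users'
$Risky = 'Full', 'Change'
$Write = [int][System.Security.AccessControl.FileSystemRights]::Write

function Get-OpenShare {
    # Skip the built-in administrative shares (ADMIN$, C$, IPC$)
    foreach ($share in (Get-SmbShare | Where-Object { -not $_.Special })) {
        # Share-level ACEs that let a broad group change or fully control the share
        $shareAces = @(Get-SmbShareAccess -Name $share.Name | Where-Object {
            [string]$_.AccessControlType -eq 'Allow' -and
            $_.AccountName -in $Broad -and
            [string]$_.AccessRight -in $Risky
        })
        if ($shareAces.Count -eq 0) { continue }

        # NTFS ACEs on the shared folder. Effective access is the more
        # restrictive of share and NTFS permissions, so report both.
        $ntfsAces = @()
        if ($share.Path -and (Test-Path -LiteralPath $share.Path)) {
            $ntfsAces = @((Get-Acl -LiteralPath $share.Path).Access | Where-Object {
                $_.AccessControlType -eq 'Allow' -and
                $_.IdentityReference.Value -in $Broad -and
                (([int]$_.FileSystemRights -band $Write) -ne 0)
            })
        }

        [pscustomobject]@{
            Share         = $share.Name
            Path          = $share.Path
            ShareGrantees = ($shareAces.AccountName | Sort-Object -Unique) -join ', '
            NtfsWritable  = ($ntfsAces.Count -gt 0)
        }
    }
}

Get-OpenShare | Format-Table -AutoSize
```

Rows where `NtfsWritable` is True are shares that any member of the VPN "network" can modify without further credentials.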
But you can get it set up quickly. Honestly, I usually have the client install this first when I have PPTP VPN setup issues (darn Linksys routers). Then I remote in and configure something better and uninstall this. What I found works best is...
OpenVPN is open source software that runs on almost any OS. It is geared toward the Linux/scripting crowd though. There is an admin GUI, but it's less than helpful. And you have to learn about TAP and TUN adapters and when to use them. And there is no standard Windows authentication (or even user/password) out-of-the-box. And you must set up a certificate for your server and keys for every VPN user. Then you must distribute the keys, securely. And then you must...I'm exhausted just writing this paragraph. So, this requires me to have a site visit just to get the VPN going.
The above was my, and many people's, first impression of OpenVPN for many, many years. OpenVPN just wasn't a one-click install and "lights out" after that. My biggest frustration was figuring out how to bridge and route some traffic and not other traffic.
This is no longer an issue as the fine folks at OpenVPN have created one-click VPN "appliances" that run on VMware and VirtualServer.
I have yet to have a network or hardware configuration that OpenVPN could not support. Ever. It just works. And it is now simple to set up with no Linux experience necessary.
Here is how you set it up:
- Have your customer install VMware Player. There is a VirtualServer version too, but it needs a 64-bit Virtual Server, and many of these mom and pop shops don't have that.
- Download and run the VM appliance
- It boots right to a wizard where you assign a simple user authentication system.
- Poke a hole in your customer's router for Port 1194.
- On your client machine download the OpenVPN client software. Don't bother configuring a .ovpn file when it asks you. Just connect to your customer's IP address:1194. You will be prompted for a user/password and you are in. The configuration file is pushed down from the server.
- When you are done "remoting in", have your customer stop the VMware Player. When you need to reconnect, just have your customer run the VMware Player again.
Couldn't be easier when your router won't support M$'s native VPN abilities.